Lately I have sat down to talk with a couple of different groups of people working outside of tech. As someone working with cybersecurity there was a set of statements where I had to interject. This post is a result of these discussions, with the aim to be a reference that can be used to improve the security of everyone, no great technical skills required. I will focus on how we secure our accounts, focusing on the login experience. ...
Lately, I’ve been thinking about the complexity of securing the software supply chain. If there’s one lesson we’ve learned from incidents like the SolarWinds and Kaseya attacks, it’s that our supply chains are increasingly becoming the weakest link in our cybersecurity defenses. What makes it even more challenging is the regulatory landscape—particularly within the European Union (EU)—which is evolving to place more responsibility on organizations to secure their supply chains. ...
There are endless ways to divide vulnerabilities into different classifications. Each more granular than the other. However, there is also a need to for a simple divide, targeted to the business. That is the problem this post will solve. By using the same categories as in the post Security for Any Development Team I will break down security vulnerabilities into three categories. After reading this post, you will get an insight into why vulnerabilities may arise, and what can be done to minimise the risk. ...
In todays internet based world, phishing has become a great nuisance. We all know about the emails trying to trick the receiver to perform an action that is to the senders gain. This could be to install malware, send money, or something else. Either way, this is just the newest variant of the con (aka confidence game) to trick someone for gains. After reading The Confidence Game by Maria Konnikova I got to thinking. Where goes the line between a con and business? ...
Security Champions is a concept that gets more and more attraction. The function might go under another name, such as Security Masters, but the concepts are the same. In this post I will dig into what this role contains and how it can be applied to improve the security posture of an organisation. My experience with Security Champions is in Research and Development organisations, so my views are anchored in RnD. However I see no reason why Security Champions could not be applied in other kinds of organisations as well. ...